Lucene search
+L

6 matches found

cvelist
cvelist
added 2 days ago34 views

CVE-2026-20296 SPL Command Safeguards Bypass through Cross-Site Request Forgery (CSRF) in Deployment Server in Splunk Enterprise

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS0.0017EPSS
Exploits0References1
cve
cve
added 2 days ago26 views

CVE-2026-20296

The provided records identify CVE-2026-20296 as a CSRF-based bypass in Splunk Deployment Server within Splunk Enterprise and Splunk Cloud Platform. Affected versions are Splunk Enterprise below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform below 10.5.2605.0, 10.4.2604.7, 10.3.2512...

8.3CVSS6.2AI score0.0017EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2024/10/24 12:0 a.m.10 views

The vulnerability of the SplunkDeploymentServerConfig component of the Splunk Enterprise platform for operational analytics allows a perpetrator to disclose protected information.

The vulnerability of the Splunk Enterprise platform for operational analysis is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to disclose sensitive information that is protected by the system...

7.5CVSS5.4AI score0.00397EPSS
Exploits0References3Affected Software1
osv
osv
added 2024/10/14 5:15 p.m.2 views

CVE-2024-45732

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk use...

6.5CVSS5.8AI score0.00397EPSS
Exploits0References2
osv
osv
added 2022/06/15 5:15 p.m.6 views

CVE-2022-32157

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients...

7.5CVSS5.8AI score0.01256EPSS
Exploits0References4
attackerkb
attackerkb
added 2022/06/14 11:55 a.m.4 views

CVE-2022-32157

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients...

7.5CVSS5.5AI score0.01256EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder